X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/3a23cdde7d5621bc8d723d2226945ee5243115f3..0a35e8a3525db58bf38cd6ffdc45c7baaae04dd8:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 6012bc3bf..86f1f036d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,24 +1,27 @@ -ikiwiki (2.48) UNRELEASED; urgency=low +ikiwiki (2.49) UNRELEASED; urgency=low + * haiku: Generate valid xhtml. + + -- Joey Hess Fri, 30 May 2008 19:08:54 -0400 + +ikiwiki (2.48) unstable; urgency=high + + * Fix security hole that occurred if openid and passwordauth were both + enabled. passwordauth would allow logging in as a known openid, with an + empty password. Closes: #483770 * Add rel=nofollow to edit links. This may prevent some spiders from pounding on the cgi following edit links. - * When calling decode_utf8 on known-problimatic content in aggregate, - explicitly pass 0 (FB_DEFAULT) as the second parameter. Apparently perl - 5.8 needs this to avoid crashing on malformed utf-8, despite its docs - saying it is the default. * passwordauth: If Authen::Passphrase is installed, use it to store password hashes, crypted with Eksblowfish. - * Existing cleartext passwords in the userdb will be automatically hashed - (if Authen::Passphrase is installed) the next time a user logs in. - Or `ikiwiki-transition hashpassword /path/to/srcdir` can be used to force - a conversion. - * Passwords will no longer be mailed, but instead a password reset link - mailed. + * `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to + hash existing plaintext passwords. + * Passwords will no longer be mailed, but instead a password reset link. * The password_cost config setting is provided as a "more security" knob. * teximg: Fix logurl. * teximg: If the log isn't written, avoid ugly error messages. + * Updated French translation. Closes: #478530 - -- Joey Hess Wed, 28 May 2008 03:07:37 -0400 + -- Joey Hess Fri, 30 May 2008 17:36:07 -0400 ikiwiki (2.47) unstable; urgency=low